Privacy Policy
Table of Contents
- Overview and Scope
- Quick Summary
- Key Definitions
- Who Controls Your Information
- Eligibility and Age Rules
- Information You Provide
- Information We Collect Automatically
- Information From Third Parties
- Sensitive Information and Civic/Political Data
- How We Use Information
- AI, Recommendations, Civic Score and Automated Processing
- Public Content, Public Civic Actions and Search Visibility
- Location, District and Community Data
- Contacts, Invitations and Social Graph Features
- Payments, Donations and Fundraising
- Messages, Live Rooms, Calls and Community Features
- Cookies, SDKs, Pixels and Similar Technologies
- Advertising, Targeted Advertising and Measurement
- Analytics, Research, Surveys and Aggregated Data
- How We Share Information
- Third-Party Services and Integrations
- International Transfers
- Retention
- Security
- Your Privacy Choices and Controls
- S. State Privacy Rights
- California Notice at Collection
- GDPR/UK GDPR/International Privacy Rights
- Children and Teens
- Account Closure, Deletion and Appeals
- Data Incident Notice
- Changes to This Policy
- Contact Us
Annex A. Data Category Matrix
Annex B. Vendor and Processor Matrix Annex C. Launch Compliance Checklist
1. Overview and Scope
This Privacy Policy explains how UMERGE CORP, a civic engagement and community technology company (“UMERGE,” “we,” “us,” or “our”), collects, uses, discloses, retains, protects, and otherwise processes personal information when people access or use UMERGE websites, mobile applications, WordPress-hosted landing pages, waitlists, forms, content, communications, community features, civic action tools, fundraising features, live rooms, direct messages, AI-assisted features, analytics, advertising tools, and related services (collectively, the “Services”).
UMERGE is designed to help people turn attention into action by discovering issues, engaging with communities, viewing civic content, participating in non-binding polls or votes, creating or supporting petitions, campaigns, fundraisers, boycotts, community actions, events, protests, walkouts, discussions, and other civic or community efforts. Because those activities may reveal sensitive interests, beliefs, affiliations, locations, political opinions, community concerns, or donation history, UMERGE intends to treat privacy as a core product and trust requirement, not as a back-office afterthought.
This Policy applies to users, visitors, waitlist members, creators, organizers, donors, organizational account holders, advertisers, business customers, civic partners, nonprofit partners, candidates, public officials, community members, and other individuals who interact with the Services. It does not apply to third-party websites, app stores, social media platforms, payment processors, identity verification vendors, hosting providers, or other services that have their own privacy policies, except as described where UMERGE receives or controls personal information from those parties.
If you do not agree with this Policy, you should not use the Services. Certain features may require additional notices, consents, permissions, terms, or settings. When a supplemental privacy notice conflicts with this Policy for a specific feature, the supplemental notice controls for that feature.
2. Quick Summary
Topic | Summary |
What UMERGE collects | Account details, profile data, content, civic actions, communications, device data, usage activity, approximate or precise location when enabled, verification data when used, payment/donation metadata, ad/analytics data, and information from partners or public sources. |
Why UMERGE uses it | To operate the platform, personalize feeds, recommend content, enable civic actions, calculate and display reputation or Civic Score features, process payments, verify accounts, improve safety, prevent abuse, measure performance, comply with law, and communicate with users. |
What may be public | Public profiles, posts, comments, petitions, campaign pages, organizer pages, public fundraiser pages, public live room activity, public civic actions, badges, follower counts, and other information users choose to make public. |
Sensitive civic data | Civic participation can reveal political opinions, community priorities, religious or social views, affiliations, union-related interests, or other sensitive information. UMERGE will use layered controls, notices, and consent where legally required. |
Ads and analytics | UMERGE may use analytics and advertising technologies. Some sharing with ad partners may be considered “sharing,” “sale,” or “targeted advertising” under certain U.S. privacy laws, even when no money is exchanged. |
Your controls | You may access, correct, delete, download, restrict, opt out, object, appeal, or control certain processing as provided by applicable law and product settings. |
Minors | The Services are not intended for children under 13. Teens may |
| receive additional protections, and UMERGE should use ageappropriate design and consent flows before enabling teenfacing features. |
3. Key Definitions
Term | Meaning |
Personal Information / Personal Data | Information that identifies, relates to, describes, can reasonably be linked to, or could reasonably identify an individual or household, depending on applicable law. |
Sensitive Personal Information | Information that may include precise geolocation, government ID, racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, health information, biometric identifiers, sexual orientation, immigration status, financial account credentials, or other data treated as sensitive under law. |
Civic Action | A vote, poll response, petition signature, boycott participation, fundraiser donation, campaign action, protest/walkout/strike RSVP, comment, share, repost, live room participation, civic badge, report, or other engagement with civic or community content. |
Civic Score | A UMERGE reputation or trust signal that may consider participation, verification, community contributions, safety signals, and platform rules. It is not a credit score, employment score, housing score, insurance score, government eligibility score, or official voting record. |
Public Content | Content, profile information, interactions, civic actions, or other information that you choose to make public or that is public by feature design. |
Processor / Service Provider | A vendor or partner that processes personal information for UMERGE under contractual restrictions. |
Controller / Business | An entity that determines the purposes and means of processing personal information. For most UMERGE consumerfacing Services, UMERGE CORP is the controller/business. |
4. Who Controls Your Information
For most Services, the data controller or business responsible for your information is UMERGE CORP. UMERGE may operate some services directly and may use service providers, processors, vendors, hosting providers, infrastructure partners, payment processors, identity verification providers, analytics providers, advertising partners, email/SMS providers, customer support tools, security tools, and professional advisors to support the Services.
For privacy requests, contact UMERGE at admin@umerge.co or through any privacy request form UMERGE makes available. If required by law, UMERGE will provide additional contact methods, including a mailing address and toll-free number or webform if applicable. Business mailing address: [Insert UMERGE CORP mailing address].
When a customer, nonprofit, organization, public entity, employer, school, campaign, or partner uses UMERGE as an administrator of its own community or data set, that entity may be an independent controller for some information. UMERGE will honor applicable contracts and data processing terms for those situations.
5. Eligibility and Age Rules
UMERGE is not intended for children under 13. UMERGE does not knowingly collect personal information from children under 13 without verifiable parental consent where required. If we learn that a child under 13 has provided personal information without required consent, we will take appropriate steps to delete or restrict that information.
Users between 13 and 17 may be subject to additional protections, including default privacy settings, limits on targeted advertising, limits on public discoverability, restricted direct messaging, limits on sensitive civic profiling, parental consent where required, and additional safety prompts. UMERGE should not enable teenfacing features until it has implemented appropriate age-screening, safety, and consent controls.
Some features may be limited to adults, including fundraising, donations, paid creator tools, paid ads, organization administration, official candidate/officeholder tools, identity verification, livestream hosting, and certain civic campaign management tools.
6. Information You Provide
We collect information you provide directly or intentionally make available through the Services. The exact information depends on how you use UMERGE.
6.1 Account, Profile and Identity Information
- Name, username, display name, password or authentication credentials, email address, phone number, date of birth or age range, account photo, bio, profile links, city, state, country, language, preferences, and account settings.
- Optional profile details such as interests, communities, causes, skills, creator category, organization affiliation, employer or school, public role, candidate status, nonprofit status, veteran-owned or founder status, and other details you choose to add.
- Verification information such as email verification, phone verification, organization verification, location verification, government ID verification, selfie/video verification, business documentation, nonprofit documentation, tax or payout documentation, or other evidence of authenticity where enabled. 2 Content and Civic Engagement Information
- Posts, captions, comments, replies, reposts, quote posts, images, videos, audio, livestream content, petitions, campaign pages, fundraisers, boycotts, event pages, community action pages, polls, votes, survey responses, badges, reactions, endorsements, reports, appeals, and moderation submissions.
- Civic actions such as signing a petition, creating or supporting a campaign, RSVPing to a protest or community event, donating to a fundraiser, joining a live room, following an issue, supporting a boycott, sharing a policy card, or viewing district-level civic insights.
- Metadata associated with content, including timestamps, device information, location tags, hashtags, mentions, audience settings, edit history, deletion history, moderation history, visibility settings, and interaction metrics.
6.3 Communications and Support
- Messages you send through direct messaging, group messaging, creator/organization inboxes, live rooms, comments, support tickets, emails, SMS, in-app feedback, surveys, bug reports, complaints, appeals, and safety reports.
- Information you provide when you contact us, participate in research, join a waitlist, request a demo, subscribe to newsletters, apply for creator or organization tools, or interact with UMERGE on social media.
6.4 Payment, Donation and Commerce Information
- Donation amount, transaction ID, currency, timestamp, payment method type, billing contact information, refund status, payout information, tax information, and fundraiser or campaign association.
- UMERGE should not store full payment card numbers unless it has a PCI-compliant basis to do so. Payment processors may collect card numbers, bank account numbers, identity verification details, fraud signals, and other financial information under their own terms and privacy policies.
7. Information We Collect Automatically
When you use the Services, we and our service providers may automatically collect information about your device, browser, activity, and interactions. This information helps us operate, secure, personalize, analyze, and improve the Services.
- Device and network information, such as IP address, device identifiers, advertising identifiers, app instance identifiers, browser type, operating system, device model, mobile carrier, language, time zone, network type, crash logs, diagnostic data, and system settings.
- Usage information, such as pages viewed, screens visited, content viewed, searches, clicks, taps, scrolls, dwell time, watch time, shares, follows, reactions, votes, petition interactions, donation interactions, ad interactions, notifications opened, session duration, and referral pages.
- Approximate location based on IP address, device settings, Wi-Fi, Bluetooth, GPS, user-provided location, content tags, or other signals. Precise location will be collected only when enabled by device settings, feature settings, or user permission where required.
- Content interaction signals used for recommendations and safety, such as content categories, engagement patterns, reports, blocks, hides, muted words, saved items, follows, unfollows, and similarity between content and communities.
- Cookie, SDK, pixel, and similar technology information, including identifiers used for analytics, attribution, fraud prevention, performance, personalization, and advertising where enabled.
8. Information From Third Parties
We may receive information from third parties, including:
- Social login or identity providers, such as Google, Apple, Meta, LinkedIn, or other authentication providers, when you choose to connect your account.
- Contacts or invitations if you choose to upload, sync, invite, or find contacts, subject to your device permissions and product settings.
- Payment processors, donation processors, payout processors, fraud prevention vendors, banks, or tax compliance providers.
- Identity, account, organization, nonprofit, candidate, or business verification vendors.
- Analytics, advertising, marketing, attribution, CRM, email, SMS, push notification, and app store partners.
- Public sources, government databases, open data, civic APIs, legislative data sources, public candidate information, public nonprofit records, public social media pages, and public news or community sources used to display or verify civic information.
- Other users who tag you, message you, invite you, report content, provide testimonials, upload contacts, or interact with your content.
UMERGE should not enrich user profiles with sensitive third-party data or infer sensitive traits unless it has a valid legal basis, a clear product purpose, and any required notice or consent. Third-party civic or government data should be labeled with source, date, and limitations where appropriate.
9. Sensitive Information and Civic/Political Data
UMERGE is a civic engagement platform. Your use of the Services may reveal sensitive information, including political opinions, policy preferences, community concerns, religious or philosophical views, racial or ethnic context, immigration-related issues, labor or union-related interests, health-related advocacy, precise location, identity verification details, donation history, or other sensitive information.
UMERGE will not require you to provide sensitive information unless it is needed for a specific feature, required by law, or voluntarily provided by you. If a feature requires sensitive information, UMERGE will provide additional notice and obtain consent where legally required. For example, location-based civic districts, identity verification, government ID verification, donation compliance, fraud prevention, and certain community safety features may require additional controls.
UMERGE does not intend to use sensitive personal information to discriminate, unlawfully profile, suppress lawful civic participation, or make decisions about credit, employment, housing, insurance, government benefits, education, or other rights unrelated to the Services. UMERGE also does not intend to sell sensitive personal information for money. If applicable law treats certain ad-tech or analytics sharing as a sale, sharing, or targeted advertising, UMERGE will provide opt-out mechanisms and honor legally required signals.
Public civic actions are important but can be sensitive. Some activities may be public by design, such as signing a public petition, appearing on a public organizer page, hosting a public live room, or creating a public campaign. Other activities should have audience controls where feasible. You should review feature settings before participating.
10. How We Use Information
We use information for the following purposes, depending on your settings, permissions, applicable law, and the features you use.
Purpose | Examples |
Provide and operate the Services | Create accounts, authenticate users, display profiles, publish content, enable searches, operate feeds, process civic actions, host live rooms, enable messaging, process donations, send notices, provide support, and maintain the platform. |
Personalize and recommend | Rank feeds, recommend posts, people, organizations, issues, actions, petitions, fundraisers, policies, events, live rooms, and communities based on your activity, settings, location, follows, and interests. |
Civic Score and trust systems | Calculate, display, explain, and update reputation or trust signals based on participation, verification, positive contributions, moderation history, safety reports, and other signals disclosed by product notices. |
Safety, integrity and moderation | Detect spam, bots, manipulation, fake accounts, coordinated inauthentic activity, harassment, threats, fraud, misinformation patterns, platform abuse, payment abuse, and violations of policies. |
Verification and compliance | Verify accounts, organizations, fundraisers, candidates, nonprofits, locations, age, identity, payout eligibility, tax information, and compliance obligations. |
Communications | Send service messages, security alerts, updates, newsletters, marketing communications, campaign notifications, event reminders, push notifications, and support responses. |
Payments and fundraising | Process donations, payments, refunds, chargebacks, payouts, receipts, tax forms, fraud screening, and records required by law or processor rules. |
Advertising and measurement | Show and measure ads, sponsored content, promoted civic campaigns, attribution, conversion tracking, audience analytics, frequency capping, fraud prevention, and ad performance where enabled. |
Research and improvement | Improve product design, accessibility, safety, ranking, |
| recommendations, moderation, performance, user experience, market research, surveys, and business strategy. |
Legal and rights protection | Comply with law, respond to lawful requests, enforce terms, protect rights and safety, investigate misuse, defend claims, preserve evidence, and complete corporate transactions. |
11. AI, Recommendations, Civic Score and Automated Processing
UMERGE may use artificial intelligence, machine learning, ranking systems, recommender systems, search models, moderation tools, fraud prevention tools, and scoring logic to operate the Services. These systems may use information such as your content, interactions, follows, location settings, reports, blocks, verification status, content quality signals, safety signals, and engagement patterns.
11.1 Feed and Recommendation Systems
UMERGE may recommend or rank content based on relevance, recency, popularity, civic importance, community interest, district relevance, user preferences, trusted sources, engagement quality, safety considerations, and other factors. UMERGE should provide meaningful controls, such as following feeds, location filters, issue filters, content preferences, mute/block tools, and where feasible, options to reduce personalization. 11.2 Civic Score
Civic Score is intended to be a platform reputation and trust signal. It may help users understand participation, verification, constructive engagement, safety, authenticity, and community contribution. It is not an official government score, credit score, employment score, housing score, insurance score, immigration score, or eligibility score. It should not be used outside UMERGE to make decisions that have legal or similarly significant effects.
UMERGE should provide users with understandable information about major factors affecting Civic Score, ways to improve it, ways to dispute or appeal material errors, and ways to understand whether verification, moderation decisions, reports, or content removals affected the score. UMERGE should avoid secret or discriminatory sensitive-attribute scoring and should monitor the system for unfair, inaccurate, or disproportionate impacts.
11.3 Automated Decisions
UMERGE does not intend to make decisions based solely on automated processing that produce legal or similarly significant effects without appropriate safeguards. Automated systems may assist with feed ranking, recommendations, spam detection, moderation prioritization, identity risk checks, fraud screening, and account security. Where legally required, you may request human review, contest a decision, or obtain additional information about automated processing.
11.4 AI Interactions
If UMERGE offers AI chat, AI search, AI summaries, AI civic explainers, AI moderation, AI recommendations, AI content drafting, or AI support tools, UMERGE may process prompts, questions, uploaded files, generated outputs, feedback, timestamps, account identifiers, and usage metadata. UMERGE should clearly label AI features, avoid using private messages or sensitive civic data to train generalized models without appropriate consent or contractual safeguards, and provide additional notices for AI features as needed.
12. Public Content, Public Civic Actions and Search Visibility
UMERGE includes public and semi-public features. Depending on your settings and feature design, the following may be visible to other users, organizations, search engines, civic partners, advertisers, or the public: profile name, username, profile photo, bio, public posts, comments, reposts, petitions, signatures if public, organizer status, fundraiser pages, donation display name if public, badges, Civic Score or tier if enabled, follower/following relationships, event RSVPs if public, live room participation, and public campaign activity.
Public content may be copied, saved, screenshotted, indexed, cached, quoted, embedded, shared, or archived by other users or third parties, even if you later delete it or change settings. UMERGE will honor deletion and privacy controls within its systems where feasible, but it cannot control copies outside its Services.
You should not post sensitive personal information about yourself or others unless you have the right to do so and understand the consequences. Do not post government IDs, financial account numbers, private addresses, private phone numbers, passwords, private medical information, or personal data about others without authorization.
13. Location, District and Community Data
UMERGE may use location information to show district-relevant content, local policies, local representatives, nearby events, community actions, civic trends, public safety information, local news, issue maps, and geographic insights. Location may be based on information you provide, your device settings, IP address, GPS, Wi-Fi, Bluetooth, SIM card, billing information, content tags, or other signals.
Precise geolocation may be considered sensitive personal information. UMERGE should request explicit permission before collecting precise location from your device and should provide controls to disable precise location, use approximate location, change district or location settings, or remove location tags from content. Some features may not work or may be less accurate without location data.
For civic integrity, UMERGE may use location verification to help confirm district eligibility for certain nonbinding polls, local civic insights, or community features. UMERGE should clearly state when a civic poll is limited to a district, whether the poll is public or anonymous, and whether location verification affects the visibility or weight of participation.
14. Contacts, Invitations and Social Graph Features
If you choose to upload, sync, or import contacts, UMERGE may process names, phone numbers, email addresses, contact labels, and related metadata to help you find friends, invite contacts, prevent spam, and improve recommendations. UMERGE should request device permission before accessing contacts and should provide an option to stop syncing or delete imported contacts where required.
If another user uploads contact information that includes you, UMERGE may use that information to help connect users, prevent abuse, or send invitations where permitted. UMERGE should honor opt-out requests for invitations and marketing messages.
15. Payments, Donations and Fundraising
UMERGE may enable donations, fundraisers, paid campaigns, paid events, subscriptions, creator monetization, tips, purchases, or other commerce features. Payment processing may be handled by third-party payment processors. UMERGE may receive transaction metadata but should not store full card numbers unless it has implemented required PCI DSS controls and has a lawful business need.
- Payment processors may collect payment card numbers, bank account information, billing address, fraud signals, identity verification information, tax information, and transaction history under their own privacy policies.
- UMERGE may use donation and payment information to process transactions, provide receipts, comply with tax, anti-fraud, anti-money laundering, chargeback, sanctions, and campaign finance-related obligations
where applicable, and display public fundraiser information if the donor chooses or the feature requires public display.
- Donations to political committees, candidates, PACs, or regulated campaigns may require additional disclosures, reporting, identity verification, contribution limits, refund procedures, and compliance controls. UMERGE should not enable regulated campaign finance features without specialized legal review.
16. Messages, Live Rooms, Calls and Community Features
UMERGE may offer direct messages, group messages, comments, live rooms, voice/video features, chat, creator inboxes, organization inboxes, and community forums. We may process message metadata, sender and recipient information, timestamps, attachments, reactions, reports, abuse signals, moderation history, and technical logs. We may access message or room content when needed to deliver the feature, enforce policies, investigate abuse, comply with law, provide support, or protect users.
UMERGE should disclose whether any messaging feature is encrypted, whether end-to-end encryption is available, what metadata remains visible, and whether moderators or administrators can access content. Unless UMERGE has implemented true end-to-end encryption and verified operational controls, it should not advertise messages as end-to-end encrypted.
Live rooms, voice/video streams, and events may be recorded, transcribed, moderated, summarized, captioned, or analyzed for safety, accessibility, quality, or compliance if the feature provides notice or settings. Users should not assume that live room participation is private unless UMERGE expressly states that a room is private and implements appropriate controls.
17. Cookies, SDKs, Pixels and Similar Technologies
UMERGE and its partners may use cookies, pixels, SDKs, local storage, tags, device identifiers, advertising identifiers, server logs, and similar technologies. These technologies may help us remember preferences, keep you logged in, secure the Services, detect fraud, measure performance, analyze usage, attribute referrals, improve marketing, and deliver or measure advertising.
For the UMERGE WordPress website, this may include cookies or tags from WordPress plugins, hosting/CDN providers, analytics platforms, email marketing tools, embedded videos, forms, CAPTCHA tools, security plugins, chat widgets, Meta Pixel, Google Analytics, Google Tag Manager, LinkedIn Insight Tag, TikTok Pixel, or other tools if enabled. UMERGE should maintain a live cookie inventory and cookie banner/consent management platform where legally required.
Type | Examples | Controls |
Strictly necessary | Login, security, load balancing, fraud prevention, form submission, consent storage, payment session management. | Usually required; cannot be disabled without impairing Services. |
Functional | Preferences, language, remembering settings, improved user experience. | May be controlled in settings or browser. |
Analytics/performance | Usage measurement, app performance, crash analytics, heatmaps, conversion analytics. | May require consent or opt-out depending on jurisdiction. |
Advertising/targeting | Personalized ads, retargeting, lookalike audiences, ad measurement, frequency capping. | May require consent or opt-out; may be considered sale/share/targeted advertising. |
You may control cookies through browser settings, device settings, app permissions, platform settings, and UMERGE cookie tools if available. Blocking cookies may affect functionality.
18. Advertising, Targeted Advertising and Measurement
UMERGE may show ads, promoted posts, sponsored civic campaigns, sponsored organizations, creator monetization placements, or other sponsored content. Ads may be based on contextual information, content viewed, general location, device data, engagement, interests, demographic segments, inferred preferences, or information from advertising partners if enabled.
UMERGE should provide transparency for ads and sponsored content, including clear labels, advertiser identity where appropriate, ad libraries where appropriate for political or civic advertising, and controls for ad personalization. For regulated political advertising, UMERGE should seek specialized legal review before launch.
Some U.S. state privacy laws define certain advertising disclosures as “sale,” “sharing,” or “targeted advertising,” even when UMERGE does not sell personal information for money. UMERGE should provide a “Do Not Sell or Share My Personal Information” / “Opt Out of Targeted Advertising” mechanism if ad-tech tools trigger those laws. UMERGE should also honor legally required opt-out preference signals, such as Global Privacy Control, where applicable.
UMERGE should avoid using sensitive personal information, precise geolocation, political opinion inferences, government ID data, children/teen data, or private messages for targeted advertising unless it has a lawful basis, clear notice, and legally required consent. Where feasible, civic and political advertising should be limited to contextual or user-controlled targeting.
19. Analytics, Research, Surveys and Aggregated Data
We may use information to create analytics, reports, market research, user research, civic trends, district insights, product insights, safety insights, and aggregated or de-identified data. UMERGE may share aggregated or de-identified insights with users, organizations, nonprofits, researchers, advertisers, public-sector customers, or business partners, provided the information is not reasonably linkable to an individual.
UMERGE should not represent data as anonymous if it remains reasonably linkable to a person, device, household, small group, or unique civic action. For small communities, rare causes, sensitive civic issues, or precise districts, UMERGE should use aggregation thresholds, suppression rules, noise, or other privacyprotective techniques to reduce re-identification risk.
20. How We Share Information
We may disclose personal information in the following ways:
Recipient | Examples |
With other users and the public | Public profiles, public content, public civic actions, comments, signatures if public, organizer pages, public fundraiser details, live room activity, badges, and other information you choose to make visible. |
With service providers/processors | Hosting, cloud infrastructure, databases, storage, CDN, analytics, payments, identity verification, communications, moderation, security, customer support, CRM, email, SMS, app analytics, and similar vendors under contractual restrictions. |
With payment and donation partners | Payment processors, banks, payout providers, tax providers, fraud prevention vendors, and fundraising partners as needed to process transactions and comply with obligations. |
With advertising and measurement partners | Ad platforms, analytics partners, attribution partners, and measurement providers if enabled, subject to opt-outs and applicable law. |
With organizations or administrators | If you join an organization, event, private group, managed community, or partner-sponsored feature, administrators may see certain activity, membership, content, analytics, or profile |
| information. |
With legal, safety and compliance recipients | Law enforcement, regulators, courts, government authorities, emergency responders, rights holders, legal advisors, auditors, insurers, and other parties when legally required or necessary to protect rights, safety, and security. |
With corporate transaction parties | Potential or actual investors, acquirers, lenders, merger partners, successors, advisors, or other parties involved in financing, diligence, restructuring, merger, acquisition, sale, bankruptcy, or transfer of assets. |
UMERGE does not sell personal information for money in the ordinary meaning of “sell.” However, certain disclosures to advertising or analytics partners may be considered a sale, sharing, or targeted advertising under some privacy laws. See Sections 18, 25, 26, and 27 for opt-out rights.
21. Third-Party Services and Integrations
The Services may contain links, embeds, APIs, app store integrations, social login, sharing tools, payment links, maps, videos, social media pages, WordPress plugins, analytics tags, and third-party widgets. Third parties may collect information directly from you and may use their own cookies, SDKs, or tracking technologies. Their privacy policies and terms govern their practices.
If you connect UMERGE to another account, such as Google, Apple, LinkedIn, Meta, TikTok, Stripe, PayPal, or a CRM/email tool, UMERGE may receive information according to your permissions and the third party’s rules. You may need to revoke access through both UMERGE settings and the third-party platform settings.
22. International Transfers
UMERGE may process and store information in the United States and other countries where UMERGE, its service providers, or partners operate. These countries may have data protection laws that differ from those in your location. Where required, UMERGE will use appropriate transfer safeguards, such as standard contractual clauses, data processing agreements, adequacy mechanisms, supplementary measures, or other legally recognized mechanisms.
If UMERGE uses offshore development, support, moderation, or operations resources, it should ensure access is limited, logged, contractually controlled, subject to confidentiality obligations, protected by security safeguards, and restricted to the minimum data necessary for the work. Production database access by offshore contractors should be avoided unless absolutely necessary and protected by role-based access, MFA, audit logs, and contractual data protection controls.
23. Retention
UMERGE retains information for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain accounts, preserve public content, comply with legal obligations, resolve disputes, enforce terms, prevent fraud or abuse, maintain security, and support legitimate business purposes. Retention periods vary based on the type of information, feature, legal obligations, user settings, and operational needs.
Data Type | Retention Criteria |
Account information | While account is active; then for a reasonable period for backup, legal, security, fraud prevention, and compliance purposes. |
Public content | Until deleted by user or removed under policy; copies may persist in backups, caches, quoted content, reposts, or third-party archives. |
Messages | While needed to deliver messaging and maintain safety; deletion may remove visibility but backups and abuse records may remain for limited periods. |
Civic actions | As needed for feature integrity, public display, anti-fraud, analytics, |
| legal compliance, and user controls. Some public campaign records may persist after account closure if necessary to preserve public context. |
Payment/donation records | As required for tax, accounting, financial, fraud, chargeback, campaign compliance, and legal obligations. |
Verification data | Only as long as necessary for verification, fraud prevention, safety, legal compliance, audit, and dispute needs. Government ID images should have strict retention limits. |
Security logs | For a limited period appropriate to detect, investigate, and prevent abuse, unless needed longer for incidents or legal obligations. |
Marketing data | Until you unsubscribe, opt out, or the data is no longer needed, subject to suppression lists for compliance. |
When UMERGE no longer needs information, it will delete, de-identify, aggregate, or archive it according to applicable law and operational constraints. Deletion from active systems may not immediately remove information from backups, logs, legal holds, or third-party systems.
24. Security
UMERGE intends to use reasonable administrative, technical, and physical safeguards designed to protect personal information. Safeguards may include encryption in transit, encryption at rest where appropriate, access controls, least privilege, multifactor authentication, logging, monitoring, vulnerability management, secure software development, vendor diligence, incident response, backup controls, and employee/contractor confidentiality obligations.
No method of transmission or storage is completely secure. Users are responsible for maintaining strong passwords, protecting account credentials, avoiding phishing, updating devices, and promptly notifying UMERGE of suspected unauthorized access. UMERGE should provide account security tools such as MFA, session management, login alerts, and device management where feasible.
For high-risk data such as government ID, precise geolocation, payment records, private messages, sensitive civic data, and children/teen data, UMERGE should apply heightened access restrictions, retention limits, encryption, audit logging, and privacy impact review.
25. Your Privacy Choices and Controls
Depending on your location and the features you use, you may have the following choices and rights:
- Access or know the personal information UMERGE collects about you.
- Correct inaccurate personal information.
- Delete personal information, subject to legal, security, public-interest, and operational exceptions.
- Download or receive a portable copy of certain information.
- Opt out of marketing emails and certain push notifications.
- Opt out of sale, sharing, targeted advertising, or certain profiling where applicable.
- Limit the use or disclosure of sensitive personal information where applicable.
- Withdraw consent where processing is based on consent.
- Object to or restrict certain processing where applicable.
- Appeal a denied privacy request where required by law.
- Control app permissions such as location, contacts, camera, microphone, photos, notifications, and tracking through device settings.
To submit a request, contact admin@umerge.co or use any privacy request form UMERGE provides. UMERGE may need to verify your identity before fulfilling a request. Verification may require confirming account access, email, phone, transaction details, or other information. Authorized agents may submit requests where permitted by law, but UMERGE may require proof of authorization and identity verification.
UMERGE will not discriminate against you for exercising privacy rights, except that some features may be unavailable if the information is necessary to provide them.
26. U.S. State Privacy Rights
Residents of certain U.S. states may have rights under comprehensive privacy laws, including rights to access, correct, delete, obtain a copy of data, opt out of targeted advertising, opt out of sale, opt out of certain profiling, limit or opt out of sensitive data processing, appeal denials, and use authorized agents. The exact rights and UMERGE obligations depend on the state, thresholds, data types, and whether UMERGE is subject to the law.
UMERGE intends to provide a unified privacy request process where practical. State-specific rights may apply to residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other states with current or future privacy laws, subject to applicability thresholds and effective dates.
If UMERGE uses targeted advertising, cross-context behavioral advertising, or sells/shares personal information under applicable legal definitions, UMERGE should provide clear opt-out links such as “Do Not Sell or Share My Personal Information” and “Opt Out of Targeted Advertising.” UMERGE should also configure the website to honor legally required opt-out preference signals where applicable. 26.1 Appeals
If UMERGE denies your privacy request and applicable law gives you an appeal right, you may appeal by replying to the denial email or submitting an appeal through UMERGE privacy channels. UMERGE will explain the result of the appeal and, where required, provide information about how to contact the relevant attorney general or privacy regulator.
27. California Notice at Collection
This section provides a California-specific notice at collection. UMERGE may have collected the following categories of personal information in the preceding 12 months, depending on the Services used. UMERGE should tailor this table to actual data practices before launch.
Category | Examples | Purposes | Disclosures |
Identifiers | Name, username, email, phone, IP address, device IDs, cookies, advertising IDs, account IDs. | Account creation, authentication, security, communications, analytics, ads, support. | Service providers; other users if public; advertising/analytics partners if enabled. |
Customer records | Contact details, billing details, transaction records, support records. | Payments, donations, receipts, support, compliance. | Payment processors, service providers, professional advisors. |
Protected classification characteristics | Age range, gender if provided, veteran/community details if provided, other profile details you choose to share. | Eligibility, personalization, community features, safety, analytics. | Other users if public; service providers; analytics partners in aggregated form. |
Commercial information | Donation history, purchases, subscriptions, event tickets, creator tools, ad purchases. | Transaction processing, fraud prevention, analytics, compliance. | Payment processors, fraud vendors, service providers. |
Internet or network activity | Usage logs, views, clicks, searches, interactions, watch time, app activity. | Operate Services, recommendations, analytics, security, advertising. | Service providers; analytics/ad partners if enabled. |
Geolocation | Approximate location, district, city/state, precise location if enabled. | Local civic content, district tools, safety, analytics. | Service providers; other users if location tags are public. |
Audio, visual or electronic information | Photos, videos, audio, livestreams, voice/video rooms, profile images. | User content, live rooms, accessibility, moderation, safety. | Other users/public if posted; service providers. |
Professional or education information | Employer, school, role, organization, public office/candidate info if provided. | Profiles, organization verification, community discovery. | Other users/public if posted; service providers. |
Inferences | Interests, civic issue preferences, content recommendations, trust/safety signals, Civic Score factors. | Personalization, ranking, safety, Civic Score, analytics. | Service providers; ad partners if enabled and lawful. |
Sensitive personal information | Precise geolocation, government ID, account login credentials, political/civic activity, donation details, identity verification data, sensitive profile/content you provide. | Verification, security, civic features, donations, compliance, safety. | Service providers under restrictions; public if you choose to post sensitive content publicly. |
UMERGE does not use or disclose sensitive personal information for purposes that would require a California right to limit unless UMERGE provides the required notice and control. UMERGE does not knowingly sell or share personal information of consumers under 16 without required consent.
28. GDPR/UK GDPR/International Privacy Rights
If you are in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with similar laws, UMERGE will process personal data under applicable legal bases and respect applicable rights. UMERGE should appoint an EU/UK representative or Data Protection Officer if legally required based on scale, monitoring, sensitive data processing, or establishment.
Legal Basis | Examples |
Contract | To create your account, provide the Services, process transactions, display content, provide support, and enforce platform terms. |
Legitimate interests | To secure the Services, prevent fraud, improve products, conduct analytics, moderate content, protect users, and communicate about service matters, balanced against user rights. |
Consent | For optional precise location, contacts upload, certain cookies, marketing emails, sensitive data where required, certain AI/model uses, and ad personalization where required. |
Legal obligation | To comply with tax, accounting, sanctions, law enforcement, consumer protection, payment, privacy, and other legal requirements. |
Public interest / substantial public interest | Only where legally applicable and appropriately safeguarded, such as certain civic integrity or public-interest features. |
Vital interests | In rare cases to protect life, safety, or emergency interests. |
International users may have rights to access, correction, deletion, portability, restriction, objection, withdrawal of consent, and complaint to a supervisory authority. Users may also have rights related to automated decisionmaking. To exercise rights, contact admin@umerge.co.
Special category data, including political opinions or similarly sensitive civic data, requires heightened care under many international laws. UMERGE should minimize collection, provide clear controls, and obtain explicit consent where legally required, especially for sensitive data that is not manifestly made public by the user.
29. Children and Teens
UMERGE does not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe a child under 13 has provided personal information to UMERGE, contact admin@umerge.co. UMERGE will review and take appropriate action.
For teen users, UMERGE should apply age-appropriate protections, including default private settings where appropriate, limits on ad targeting, limits on precise geolocation sharing, restrictions on adult-to-teen direct messaging, safety prompts, reporting tools, and parental/guardian controls where legally required. UMERGE should not process teen data for targeted advertising where prohibited by law.
Schools, youth organizations, nonprofits, or community programs that use UMERGE with minors must have appropriate authority, notices, consents, and safeguards before collecting or sharing student or minor information.
30. Account Closure, Deletion and Appeals
You may close your account or request deletion through settings or by contacting UMERGE. Deletion may remove or anonymize account information in active systems, but certain information may be retained for legal, security, fraud prevention, payment, tax, safety, backup, dispute, public-interest, or compliance purposes. Public content that has been shared, reposted, quoted, cached, or indexed by others may remain outside UMERGE control.
If deletion of a public civic action would undermine public integrity, campaign auditability, fraud prevention, legal compliance, or another legitimate purpose, UMERGE may retain limited records or display modified records, such as removing your name while preserving aggregate counts, subject to applicable law.
If you disagree with a moderation, verification, Civic Score, account restriction, privacy request, or deletion decision, UMERGE should provide an appeal process where required or appropriate.
31. Data Incident Notice
If UMERGE becomes aware of a data security incident involving personal information, it will investigate and take appropriate steps under applicable law. Where legally required, UMERGE will notify affected individuals, regulators, payment processors, app stores, or other parties. The timing and content of notices may depend on law enforcement needs, investigation status, risk of harm, and legal requirements.
32. Changes to This Policy
UMERGE may update this Policy from time to time. The “Last Updated” date indicates when the Policy was last revised. If UMERGE makes material changes, it will provide notice as required by law, such as through the Services, email, in-app notice, website notice, or consent flow. Continued use of the Services after an updated Policy becomes effective means the updated Policy applies to future processing, except where additional consent is required. 33. Contact Us
For privacy questions, requests, appeals, or concerns, contact UMERGE at:
- UMERGE CORP
- Attention: Privacy Team / Legal
- Email: admin@umerge.co
- Mailing Address: [Insert UMERGE CORP mailing address]
- Privacy Request Webform: [Insert URL when available]
If you are in the EEA, UK, Switzerland, or another jurisdiction that requires a local representative or regulator contact, UMERGE should insert the applicable representative and supervisory authority details before public launch.
Annex A – Data Category Matrix
Category | Examples | Sources | Uses | Retention |
Account & profile | Name, username, email, phone, photo, bio, preferences, settings | User; social login; admin | Account, personalization, communications, security | Account life plus retention needs |
Content | Posts, comments, images, videos, audio, live streams, captions, hashtags | User; devices; other users | Publishing, recommendations, moderation, analytics | Until deleted or no longer needed |
Civic actions | Votes/polls, petition signatures, fundraisers, event RSVPs, endorsements, badges | User; platform activity | Civic features, analytics, integrity, public display | Feature-specific; legal/compliance needs |
Messages | Direct/group messages, attachments, metadata, reports | User; recipients | Messaging, safety, support, abuse prevention | Account life or featurespecific limits |
Location | Approximate/precise location, district, region, location tags | Device; user; IP; verification | Local civic content, district insights, safety | As needed; precise location minimized |
Verification | Email/phone verification, ID checks, org docs, business/nonprofit/candidate docs | User; vendors; public records | Authenticity, trust, compliance, anti-fraud | Strict limits; longer for fraud/legal records |
Payments/donations | Transaction amount, processor ID, receipts, refunds, payout/tax records | User; processor; bank | Transactions, compliance, fraud, accounting | Legal/accounting retention periods |
Device & usage | IP, device IDs, logs, app activity, crash data, cookies | Automatic; vendors | Security, analytics, personalization, ads | Limited periods; aggregate where possible |
Inferences & scores | Interests, recommendations, Civic Score factors, safety signals | Platform activity; models | Ranking, trust, safety, personalization | Updated over time; retained as needed |
Annex B – Vendor and Processor Matrix
UMERGE should maintain a live vendor inventory. The table below is a launch template and should be finalized with actual vendors, contracts, data processing terms, security reviews, and international transfer mechanisms.
Vendor Type | Role | Data Processed | Required Controls |
Hosting / Cloud / Database | Website/app hosting, database, storage, CDN, backups, logs | Account, content, usage, device, security data | DPA, access controls, encryption, SOC/security review |
WordPress Hosting & Plugins | Forms, analytics, security, SEO, image optimization, page builder, cookie consent | Visitor data, form entries, cookies, IP addresses | Plugin diligence, cookie inventory, least privilege |
Authentication | Login, MFA, social login, password reset | Identifiers, login data, device data | Security terms, data minimization |
Payments / Donations | Card processing, donations, refunds, payouts, tax | Payment metadata, billing, fraud, tax data | PCI, processor terms, tax compliance |
Identity Verification | ID checks, organization verification, fraud prevention | Government ID, selfie, documents, verification status | Strict retention, encryption, access logging |
Email / SMS / Push | Notifications, marketing, service alerts | Email, phone, device tokens, preferences | Opt-outs, suppression lists |
Analytics / Attribution | Usage metrics, campaign measurement, funnel tracking | Cookies, device IDs, usage data | Consent/opt-out, vendor contracts |
Advertising | Ads, retargeting, sponsored content, measurement | Identifiers, device data, usage, inferences | Opt-out, GPC, restricted sensitive targeting |
Customer Support / CRM | Tickets, support chat, demo forms, waitlist | Contact info, issue content, account metadata | Role-based access, retention limits |
Moderation / Trust & Safety | Content review, abuse detection, appeals | Content, reports, account data, safety signals | Confidentiality, audit logs, quality control |